<?php

/*

* $Author ：PHPYUN开发团队

*

* 官网: http://www.phpyun.com

*

* 版权所有 2009-2019 宿迁鑫潮信息技术有限公司，并保留所有权利。

*

* 软件声明：未经授权前提下，不得用于商业运营、二次开发以及任何形式的再次发布。

 */

/*

	[UCenter] (C)2001-2099 Comsenz Inc.

	This is NOT a freeware, use is subject to license terms



	$Id: user.php 1078 2011-03-30 02:00:29Z monkey $

*/



!defined('IN_UC') && exit('Access Denied');



class usermodel {



	var $db;

	var $base;



	function __construct(&$base) {

		$this->usermodel($base);

	}



	function usermodel(&$base) {

		$this->base = $base;

		$this->db = $base->db;

	}



	function get_user_by_uid($uid) {

		$arr = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."members WHERE uid='$uid'");

		return $arr;

	}



	function get_user_by_username($username) {

		$arr = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."members WHERE username='$username'");

		return $arr;

	}



	function get_user_by_email($email) {

		$arr = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."members WHERE email='$email'");

		return $arr;

	}



	function check_username($username) {

		$guestexp = '\xA1\xA1|\xAC\xA3|^Guest|^\xD3\xCE\xBF\xCD|\xB9\x43\xAB\xC8';

		$len = $this->dstrlen($username);

		if($len > 15 || $len < 3 || preg_match("/\s+|^c:\\con\\con|[%,\*\"\s\<\>\&]|$guestexp/is", $username)) {

			return FALSE;

		} else {

			return TRUE;

		}

	}



	function dstrlen($str) {

		if(strtolower(UC_CHARSET) != 'utf-8') {

			return strlen($str);

		}

		$count = 0;

		for($i = 0; $i < strlen($str); $i++){

			$value = ord($str[$i]);

			if($value > 127) {

				$count++;

				if($value >= 192 && $value <= 223) $i++;

				elseif($value >= 224 && $value <= 239) $i = $i + 2;

				elseif($value >= 240 && $value <= 247) $i = $i + 3;

		    	}

	    		$count++;

		}

		return $count;

	}



	function check_mergeuser($username) {

		$data = $this->db->result_first("SELECT count(*) FROM ".UC_DBTABLEPRE."mergemembers WHERE appid='".$this->base->app['appid']."' AND username='$username'");

		return $data;

	}



	function check_usernamecensor($username) {

		$_CACHE['badwords'] = $this->base->cache('badwords');

		$censorusername = $this->base->get_setting('censorusername');

		$censorusername = $censorusername['censorusername'];

		$censorexp = '/^('.str_replace(array('\\*', "\r\n", ' '), array('.*', '|', ''), preg_quote(($censorusername = trim($censorusername)), '/')).')$/i';

		$usernamereplaced = isset($_CACHE['badwords']['findpattern']) && !empty($_CACHE['badwords']['findpattern']) ? @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $username) : $username;

		if(($usernamereplaced != $username) || ($censorusername && preg_match($censorexp, $username))) {

			return FALSE;

		} else {

			return TRUE;

		}

	}



	function check_usernameexists($username) {

		$data = $this->db->result_first("SELECT username FROM ".UC_DBTABLEPRE."members WHERE username='$username'");

		return $data;

	}



	function check_emailformat($email) {

		return strlen($email) > 6 && preg_match("/^[\w\-\.]+@[\w\-\.]+(\.\w+)+$/", $email);

	}



	function check_emailaccess($email) {

		$setting = $this->base->get_setting(array('accessemail', 'censoremail'));

		$accessemail = $setting['accessemail'];

		$censoremail = $setting['censoremail'];

		$accessexp = '/('.str_replace("\r\n", '|', preg_quote(trim($accessemail), '/')).')$/i';

		$censorexp = '/('.str_replace("\r\n", '|', preg_quote(trim($censoremail), '/')).')$/i';

		if($accessemail || $censoremail) {

			if(($accessemail && !preg_match($accessexp, $email)) || ($censoremail && preg_match($censorexp, $email))) {

				return FALSE;

			} else {

				return TRUE;

			}

		} else {

			return TRUE;

		}

	}



	function check_emailexists($email, $username = '') {

		$sqladd = $username !== '' ? "AND username<>'$username'" : '';

		$email = $this->db->result_first("SELECT email FROM  ".UC_DBTABLEPRE."members WHERE email='$email' $sqladd");

		return $email;

	}



	function check_login($username, $password, &$user) {

		$user = $this->get_user_by_username($username);

		if(empty($user['username'])) {

			return -1;

		} elseif(!passCheck($password,$user['salt'],$user['password'])) {

			return -2;

		}

		return $user['uid'];

	}



	function add_user($username, $password, $email, $uid = 0, $questionid = '', $answer = '', $regip = '') {

		$regip = empty($regip) ? $this->base->onlineip : $regip;

		$salt = substr(uniqid(rand()), -6);

		$password = passCheck($password,$salt);

		$sqladd = $uid ? "uid='".intval($uid)."'," : '';

		$sqladd .= $questionid > 0 ? " secques='".$this->quescrypt($questionid, $answer)."'," : " secques='',";

		$this->db->query("INSERT INTO ".UC_DBTABLEPRE."members SET $sqladd username='$username', password='$password', email='$email', regip='$regip', regdate='".$this->base->time."', salt='$salt'");

		$uid = $this->db->insert_id();

		$this->db->query("INSERT INTO ".UC_DBTABLEPRE."memberfields SET uid='$uid'");

		return $uid;

	}



	function edit_user($username, $oldpw, $newpw, $email, $ignoreoldpw = 0, $questionid = '', $answer = '') {

		$data = $this->db->fetch_first("SELECT username, uid, password, salt FROM ".UC_DBTABLEPRE."members WHERE username='$username'");



		if($ignoreoldpw) {

			$isprotected = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."protectedmembers WHERE uid = '$data[uid]'");

			if($isprotected) {

				return -8;

			}

		}



		if(!$ignoreoldpw && !passCheck($oldpw,$data['salt'],$data['password'])) {

			return -1;

		}



		$sqladd = $newpw ? "password='".passCheck($newpw,$data['salt'])."'" : '';

		$sqladd .= $email ? ($sqladd ? ',' : '')." email='$email'" : '';

		if($questionid !== '') {

			if($questionid > 0) {

				$sqladd .= ($sqladd ? ',' : '')." secques='".$this->quescrypt($questionid, $answer)."'";

			} else {

				$sqladd .= ($sqladd ? ',' : '')." secques=''";

			}

		}

		if($sqladd || $emailadd) {

			$this->db->query("UPDATE ".UC_DBTABLEPRE."members SET $sqladd WHERE username='$username'");

			return $this->db->affected_rows();

		} else {

			return -7;

		}

	}



	function delete_user($uidsarr) {

		$uidsarr = (array)$uidsarr;

		if(!$uidsarr) {

			return 0;

		}

		$uids = $this->base->implode($uidsarr);

		$arr = $this->db->fetch_all("SELECT uid FROM ".UC_DBTABLEPRE."protectedmembers WHERE uid IN ($uids)");

		$puids = array();

		foreach((array)$arr as $member) {

			$puids[] = $member['uid'];

		}

		$uids = $this->base->implode(array_diff($uidsarr, $puids));

		if($uids) {

			$this->db->query("DELETE FROM ".UC_DBTABLEPRE."members WHERE uid IN($uids)");

			$this->db->query("DELETE FROM ".UC_DBTABLEPRE."memberfields WHERE uid IN($uids)");

			uc_user_deleteavatar($uidsarr);

			$this->base->load('note');

			$_ENV['note']->add('deleteuser', "ids=$uids");

			return $this->db->affected_rows();

		} else {

			return 0;

		}

	}



	function get_total_num($sqladd = '') {

		$data = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."members $sqladd");

		return $data;

	}



	function get_list($page, $ppp, $totalnum, $sqladd) {

		$start = $this->base->page_get_start($page, $ppp, $totalnum);

		$data = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."members $sqladd LIMIT $start, $ppp");

		return $data;

	}



	function name2id($usernamesarr) {

		$usernamesarr = uc_addslashes($usernamesarr, 1, TRUE);

		$usernames = $this->base->implode($usernamesarr);

		$query = $this->db->query("SELECT uid FROM ".UC_DBTABLEPRE."members WHERE username IN($usernames)");

		$arr = array();

		while($user = $this->db->fetch_array($query)) {

			$arr[] = $user['uid'];

		}

		return $arr;

	}



	function id2name($uidarr) {

		$arr = array();

		$query = $this->db->query("SELECT uid, username FROM ".UC_DBTABLEPRE."members WHERE uid IN (".$this->base->implode($uidarr).")");

		while($user = $this->db->fetch_array($query)) {

			$arr[$user['uid']] = $user['username'];

		}

		return $arr;

	}



	function quescrypt($questionid, $answer) {

		return $questionid > 0 && $answer != '' ? substr(md5($answer.md5($questionid)), 16, 8) : '';

	}



}



?>